hugsy/defcon_27_windbg_workshop hugsy/defcon_27_windbg_workshop

  • Stars
    star
    696
  • Rank 64,547 (Top 2 %)
  • Language
    Python
  • Created about 5 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
hugsy/defcon_27_windbg_workshop
github

hugsy

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

DEFCON 27 workshop - Modern Debugging with WinDbg Preview

"Modern Debugging with WinDbg Preview" DEFCON 27 workshop

This repository contains the materials for the DEFCON 27 workshop

Overview

Abstract

It's 2019 and yet too many Windows developers and hackers alike rely on (useful but rather) old school tools for debugging Windows binaries (OllyDbg, Immunity Debugger). What they don't realize is that they are missing out on invaluable tools and functionalities that come with Microsoft newest WinDbg Preview edition. This hands-on workshop will attempt to level the field, by practically showing how WinDbg has changed to a point where it should be the first tool to be installed on any Windows (10) for binary analysis machine: after a brief intro to the most basic (legacy) commands, this workshop will focus around debugging modern software (vulnerability exploitation, malware reversing, DKOM-based rootkit, JS engine) using modern techniques provided by WinDbg Preview (spoiler alert to name a few, JavaScript, LINQ, TTD). By the end of this workshop, trainees will have their WinDbg-fu skilled up.

Where/when?

Saturday August 10th 2019, 1430-1830 Flamingo, Lake Mead II

Skill Level

Intermediate

Prerequisites

Familiarity with Windows platform and kernel debugging Working knowledge of debuggers (pref. WinDbg) Working knowledge of JavaScript

Materials

Any modern laptop running Windows 10 + a hypervisor with one Windows 10 VM guest (for example with remote debugging via kdnet , but can work out with lkd). Also need Internet access.

Quick Links

Acknowledgment

This workshop was originally produced as part of my (hugsy) work at @SophosLabs in the Offensive Security Team.

Authors

  • hugsy

    • twitter gh

  • 0vercl0k

    • twitter gh

More Repositories

1

gef

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
Python
6,785
star
2

cemu

Cheap EMUlator: lightweight multi-architecture assembly playground
Python
932
star
3

gdb-static

Public repository of statically compiled GDB and GDBServer
315
star
4

CFB

Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.
C++
303
star
5

stuff

Unsorted, raw, ugly & probably poorly usable tools for reversing, exploit and pentest
Python
216
star
6

windbg_js_scripts

Toy scripts for playing with WinDbg JS API
JavaScript
212
star
7

proxenet

The ONLY hacker friendly proxy for webapp pentests.
C
211
star
8

binja-retdec

Binary Ninja plugin to decompile binaries using RetDec API
Python
164
star
9

gef-extras

Extra goodies for GEF to (try to) make GDB suck even less
Python
147
star
10

pwn--

pwn++ is a Windows & Linux library oriented for exploit dev but mostly used to play with modern C++ features (17->26)
C++
119
star
11

ctfhub

Where CTFs happen
Python
76
star
12

recon_2024_windbg_workshop

JavaScript
67
star
13

gef-binja

Interface GDB-GEF with Binary Ninja
Python
58
star
14

codebro

Web based code browser using clang to provide basic code analysis.
HTML
43
star
15

modern.ie-vagrant

Modern.ie for Vagrant
PowerShell
42
star
16

bochscpu-python

Python bindings for BochsCPU
C++
33
star
17

binja-headless

Binja (sort of) headless
Python
31
star
18

hevd

Public repository for HEVD exploits
C
20
star
19

modern

A tool to unify the command line of Windows/Linux/MacOS using modern Rust tools
Python
20
star
20

shared-kernel-user-section-driver

Experiment to use sections as User/Kernelmode comm vector
C++
20
star
21

ida-headless

IDA (sort of) headless
Python
19
star
22

gef-legacy

Legacy version of GEF running for GDB+Python2
Python
18
star
23

modern-cpp-windows-driver-template

Windows driver template, using C++20 & cmake & GithubActions
C++
16
star
24

sstoper

SSTP VPN client for Linux
C
16
star
25

proxenet-plugins

Repository for proxenet plugins
Python
14
star
26

ropgadget-rs

Another (bad) ROP gadget finder, but this time in Rust
Rust
14
star
27

pywii

PyWii is a tool to help you control your PC from your Wiimote using Bluetooth.
Python
8
star
28

bakassabl

Cheap Linux sandboxer based on seccomp
C
7
star
29

gef-structs

Open repositories of custom structures for GDB Enhanced Features (GEF)
5
star
30

dji-joe

DJI Phantom3 takeover framework
Go
5
star
31

gef-docker

Ready to use Docker environment for GEF (used for https://demo.gef.blah.cat gef/gef-demo)
Python
5
star
32

socat-rs

A port forwarder for Windows written in 10min. Don't expect much from it...
Rust
4
star
33

modern-cpp-template

A template repository for my C++ projects, with docs and CI
CMake
3
star
34

CFB-cli

Command line tools for CFB
Python
2
star
35

hugsy

2
star
36

dufe

Dummy Universal Fuzzer Ever
Python
2
star
37

dji-jane

DJI Phantom3 detection tool - server part of DJI-Joe
Go
1
star
38

pwn--template

Kickstart C++ exploits with pwn++, with auto-build by GithubActions
CMake
1
star